On Mon, Mar 23, 2026 at 7:46 AM John Mattsson <john.mattsson= [email protected]> wrote:
> Very unrelated from WebPKI, but almost all 3GPP use of TLS, DTLS, and QUIC
> are mutually authenticated and will continue to rely on TLS-Client
> certificates. 3GPP relies on the Internet PKI profile (RFC 5280) for
> everything including device certificates. I think the same applies to the
> other large use cases of mTLS in enterprise, government, and IoT.
>
> I am worried about recent trends to use WebPKI for non-Web use cases. The
> WebPKI relies on hundreds of trusted roots, has quite weak security for
> issuance, does not do revocations,
>

This statement is not correct. The WebPKI does do revocations. In fact, there are so many revocations (about 8 million/1% of the issued number) that you need special data structures to efficiently propagate the revocations to the browser [0]

-Ekr

[0] https://research.mozilla.org/files/2025/04/clubcards_for_the_webpki.pdf?_gl=1*11knujb*_ga*MTM3MDA3NjU1My4xNzYyMzgyNzQ1*_ga_X4N05QV93S*czE3NzQyNzc5OTMkbzI5JGcwJHQxNzc0Mjc3OTkzJGo2MCRsMCRoMA

> .. and now will not do client authentication. It is very unsuitable for most
> other use cases. Similarly, technologies and policies like transparency and
> short-term certificates might not be adding much for other applications.
>
> Cheers,
> John Preuß Mattsson
>
> *From: *Salz, Rich <[email protected]>
> *Date: *Monday, 23 March 2026 at 15:36
> *To: *Tls <[email protected]>, [email protected] <[email protected]>
> *Subject: *[TLS] TLS Client Certificates; a survey
>
> Since WebPKI CA’s will not be able to issue TLS-Client certificates, what
> are the customers and CAs thinking of doing?
>
> Replies to be will be summarized to both lists. Please be careful if you
> use reply-all.
>
> _______________________________________________
> Spasm mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
